8558838922
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1305
The patch reverts commit 1ed6498c4a
* UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled
FEATURE_CONTROL.Lock bit is controlled by feature
CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes
a bug that when the feature is disabled, the Lock bit is cleared.
But it's a security hole if the bit is cleared when booting OS.
We can argue that platform needs to make sure the value
of PcdCpuFeaturesUserConfiguration should be set properly to make
sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.
But it's better to guarantee this in the generic core code.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
329 lines
12 KiB
C
329 lines
12 KiB
C
/** @file
|
|
Features in MSR_IA32_FEATURE_CONTROL register.
|
|
|
|
Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
|
|
This program and the accompanying materials
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
**/
|
|
|
|
#include "CpuCommonFeatures.h"
|
|
|
|
/**
|
|
Prepares for the data used by CPU feature detection and initialization.
|
|
|
|
@param[in] NumberOfProcessors The number of CPUs in the platform.
|
|
|
|
@return Pointer to a buffer of CPU related configuration data.
|
|
|
|
@note This service could be called by BSP only.
|
|
**/
|
|
VOID *
|
|
EFIAPI
|
|
FeatureControlGetConfigData (
|
|
IN UINTN NumberOfProcessors
|
|
)
|
|
{
|
|
VOID *ConfigData;
|
|
|
|
ConfigData = AllocateZeroPool (sizeof (MSR_IA32_FEATURE_CONTROL_REGISTER) * NumberOfProcessors);
|
|
ASSERT (ConfigData != NULL);
|
|
return ConfigData;
|
|
}
|
|
|
|
/**
|
|
Detects if VMX feature supported on current processor.
|
|
|
|
@param[in] ProcessorNumber The index of the CPU executing this function.
|
|
@param[in] CpuInfo A pointer to the REGISTER_CPU_FEATURE_INFORMATION
|
|
structure for the CPU executing this function.
|
|
@param[in] ConfigData A pointer to the configuration buffer returned
|
|
by CPU_FEATURE_GET_CONFIG_DATA. NULL if
|
|
CPU_FEATURE_GET_CONFIG_DATA was not provided in
|
|
RegisterCpuFeature().
|
|
|
|
@retval TRUE VMX feature is supported.
|
|
@retval FALSE VMX feature is not supported.
|
|
|
|
@note This service could be called by BSP/APs.
|
|
**/
|
|
BOOLEAN
|
|
EFIAPI
|
|
VmxSupport (
|
|
IN UINTN ProcessorNumber,
|
|
IN REGISTER_CPU_FEATURE_INFORMATION *CpuInfo,
|
|
IN VOID *ConfigData OPTIONAL
|
|
)
|
|
{
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
|
|
|
|
ASSERT (ConfigData != NULL);
|
|
MsrRegister = (MSR_IA32_FEATURE_CONTROL_REGISTER *) ConfigData;
|
|
MsrRegister[ProcessorNumber].Uint64 = AsmReadMsr64 (MSR_IA32_FEATURE_CONTROL);
|
|
return (CpuInfo->CpuIdVersionInfoEcx.Bits.VMX == 1);
|
|
}
|
|
|
|
/**
|
|
Initializes VMX feature to specific state.
|
|
|
|
@param[in] ProcessorNumber The index of the CPU executing this function.
|
|
@param[in] CpuInfo A pointer to the REGISTER_CPU_FEATURE_INFORMATION
|
|
structure for the CPU executing this function.
|
|
@param[in] ConfigData A pointer to the configuration buffer returned
|
|
by CPU_FEATURE_GET_CONFIG_DATA. NULL if
|
|
CPU_FEATURE_GET_CONFIG_DATA was not provided in
|
|
RegisterCpuFeature().
|
|
@param[in] State If TRUE, then the VMX feature must be enabled.
|
|
If FALSE, then the VMX feature must be disabled.
|
|
|
|
@retval RETURN_SUCCESS VMX feature is initialized.
|
|
|
|
@note This service could be called by BSP only.
|
|
**/
|
|
RETURN_STATUS
|
|
EFIAPI
|
|
VmxInitialize (
|
|
IN UINTN ProcessorNumber,
|
|
IN REGISTER_CPU_FEATURE_INFORMATION *CpuInfo,
|
|
IN VOID *ConfigData, OPTIONAL
|
|
IN BOOLEAN State
|
|
)
|
|
{
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
|
|
|
|
//
|
|
// The scope of EnableVmxOutsideSmx bit in the MSR_IA32_FEATURE_CONTROL is core for
|
|
// below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
|
|
// core.
|
|
//
|
|
if (IS_SILVERMONT_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel) ||
|
|
IS_GOLDMONT_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel) ||
|
|
IS_GOLDMONT_PLUS_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel)) {
|
|
if (CpuInfo->ProcessorInfo.Location.Thread != 0) {
|
|
return RETURN_SUCCESS;
|
|
}
|
|
}
|
|
|
|
ASSERT (ConfigData != NULL);
|
|
MsrRegister = (MSR_IA32_FEATURE_CONTROL_REGISTER *) ConfigData;
|
|
if (MsrRegister[ProcessorNumber].Bits.Lock == 0) {
|
|
CPU_REGISTER_TABLE_WRITE_FIELD (
|
|
ProcessorNumber,
|
|
Msr,
|
|
MSR_IA32_FEATURE_CONTROL,
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER,
|
|
Bits.EnableVmxOutsideSmx,
|
|
(State) ? 1 : 0
|
|
);
|
|
}
|
|
return RETURN_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
Detects if Lock Feature Control Register feature supported on current processor.
|
|
|
|
@param[in] ProcessorNumber The index of the CPU executing this function.
|
|
@param[in] CpuInfo A pointer to the REGISTER_CPU_FEATURE_INFORMATION
|
|
structure for the CPU executing this function.
|
|
@param[in] ConfigData A pointer to the configuration buffer returned
|
|
by CPU_FEATURE_GET_CONFIG_DATA. NULL if
|
|
CPU_FEATURE_GET_CONFIG_DATA was not provided in
|
|
RegisterCpuFeature().
|
|
|
|
@retval TRUE Lock Feature Control Register feature is supported.
|
|
@retval FALSE Lock Feature Control Register feature is not supported.
|
|
|
|
@note This service could be called by BSP/APs.
|
|
**/
|
|
BOOLEAN
|
|
EFIAPI
|
|
LockFeatureControlRegisterSupport (
|
|
IN UINTN ProcessorNumber,
|
|
IN REGISTER_CPU_FEATURE_INFORMATION *CpuInfo,
|
|
IN VOID *ConfigData OPTIONAL
|
|
)
|
|
{
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
|
|
|
|
ASSERT (ConfigData != NULL);
|
|
MsrRegister = (MSR_IA32_FEATURE_CONTROL_REGISTER *) ConfigData;
|
|
MsrRegister[ProcessorNumber].Uint64 = AsmReadMsr64 (MSR_IA32_FEATURE_CONTROL);
|
|
return TRUE;
|
|
}
|
|
|
|
/**
|
|
Initializes Lock Feature Control Register feature to specific state.
|
|
|
|
@param[in] ProcessorNumber The index of the CPU executing this function.
|
|
@param[in] CpuInfo A pointer to the REGISTER_CPU_FEATURE_INFORMATION
|
|
structure for the CPU executing this function.
|
|
@param[in] ConfigData A pointer to the configuration buffer returned
|
|
by CPU_FEATURE_GET_CONFIG_DATA. NULL if
|
|
CPU_FEATURE_GET_CONFIG_DATA was not provided in
|
|
RegisterCpuFeature().
|
|
@param[in] State If TRUE, then the Lock Feature Control Register feature must be enabled.
|
|
If FALSE, then the Lock Feature Control Register feature must be disabled.
|
|
|
|
@retval RETURN_SUCCESS Lock Feature Control Register feature is initialized.
|
|
|
|
@note This service could be called by BSP only.
|
|
**/
|
|
RETURN_STATUS
|
|
EFIAPI
|
|
LockFeatureControlRegisterInitialize (
|
|
IN UINTN ProcessorNumber,
|
|
IN REGISTER_CPU_FEATURE_INFORMATION *CpuInfo,
|
|
IN VOID *ConfigData, OPTIONAL
|
|
IN BOOLEAN State
|
|
)
|
|
{
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
|
|
|
|
//
|
|
// The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
|
|
// below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
|
|
// core.
|
|
//
|
|
if (IS_SILVERMONT_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel) ||
|
|
IS_GOLDMONT_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel) ||
|
|
IS_GOLDMONT_PLUS_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel)) {
|
|
if (CpuInfo->ProcessorInfo.Location.Thread != 0) {
|
|
return RETURN_SUCCESS;
|
|
}
|
|
}
|
|
|
|
ASSERT (ConfigData != NULL);
|
|
MsrRegister = (MSR_IA32_FEATURE_CONTROL_REGISTER *) ConfigData;
|
|
if (MsrRegister[ProcessorNumber].Bits.Lock == 0) {
|
|
CPU_REGISTER_TABLE_WRITE_FIELD (
|
|
ProcessorNumber,
|
|
Msr,
|
|
MSR_IA32_FEATURE_CONTROL,
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER,
|
|
Bits.Lock,
|
|
1
|
|
);
|
|
}
|
|
return RETURN_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
Detects if SMX feature supported on current processor.
|
|
|
|
@param[in] ProcessorNumber The index of the CPU executing this function.
|
|
@param[in] CpuInfo A pointer to the REGISTER_CPU_FEATURE_INFORMATION
|
|
structure for the CPU executing this function.
|
|
@param[in] ConfigData A pointer to the configuration buffer returned
|
|
by CPU_FEATURE_GET_CONFIG_DATA. NULL if
|
|
CPU_FEATURE_GET_CONFIG_DATA was not provided in
|
|
RegisterCpuFeature().
|
|
|
|
@retval TRUE SMX feature is supported.
|
|
@retval FALSE SMX feature is not supported.
|
|
|
|
@note This service could be called by BSP/APs.
|
|
**/
|
|
BOOLEAN
|
|
EFIAPI
|
|
SmxSupport (
|
|
IN UINTN ProcessorNumber,
|
|
IN REGISTER_CPU_FEATURE_INFORMATION *CpuInfo,
|
|
IN VOID *ConfigData OPTIONAL
|
|
)
|
|
{
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
|
|
|
|
ASSERT (ConfigData != NULL);
|
|
MsrRegister = (MSR_IA32_FEATURE_CONTROL_REGISTER *) ConfigData;
|
|
MsrRegister[ProcessorNumber].Uint64 = AsmReadMsr64 (MSR_IA32_FEATURE_CONTROL);
|
|
return (CpuInfo->CpuIdVersionInfoEcx.Bits.SMX == 1);
|
|
}
|
|
|
|
/**
|
|
Initializes SMX feature to specific state.
|
|
|
|
@param[in] ProcessorNumber The index of the CPU executing this function.
|
|
@param[in] CpuInfo A pointer to the REGISTER_CPU_FEATURE_INFORMATION
|
|
structure for the CPU executing this function.
|
|
@param[in] ConfigData A pointer to the configuration buffer returned
|
|
by CPU_FEATURE_GET_CONFIG_DATA. NULL if
|
|
CPU_FEATURE_GET_CONFIG_DATA was not provided in
|
|
RegisterCpuFeature().
|
|
@param[in] State If TRUE, then SMX feature must be enabled.
|
|
If FALSE, then SMX feature must be disabled.
|
|
|
|
@retval RETURN_SUCCESS SMX feature is initialized.
|
|
@retval RETURN_UNSUPPORTED VMX not initialized.
|
|
|
|
@note This service could be called by BSP only.
|
|
**/
|
|
RETURN_STATUS
|
|
EFIAPI
|
|
SmxInitialize (
|
|
IN UINTN ProcessorNumber,
|
|
IN REGISTER_CPU_FEATURE_INFORMATION *CpuInfo,
|
|
IN VOID *ConfigData, OPTIONAL
|
|
IN BOOLEAN State
|
|
)
|
|
{
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
|
|
RETURN_STATUS Status;
|
|
|
|
//
|
|
// The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
|
|
// below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
|
|
// core.
|
|
//
|
|
if (IS_GOLDMONT_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel) ||
|
|
IS_GOLDMONT_PLUS_PROCESSOR (CpuInfo->DisplayFamily, CpuInfo->DisplayModel)) {
|
|
if (CpuInfo->ProcessorInfo.Location.Thread != 0) {
|
|
return RETURN_SUCCESS;
|
|
}
|
|
}
|
|
|
|
Status = RETURN_SUCCESS;
|
|
|
|
if (State && (!IsCpuFeatureInSetting (CPU_FEATURE_VMX))) {
|
|
DEBUG ((DEBUG_WARN, "Warning :: Can't enable SMX feature when VMX feature not enabled, disable it.\n"));
|
|
State = FALSE;
|
|
Status = RETURN_UNSUPPORTED;
|
|
}
|
|
|
|
ASSERT (ConfigData != NULL);
|
|
MsrRegister = (MSR_IA32_FEATURE_CONTROL_REGISTER *) ConfigData;
|
|
if (MsrRegister[ProcessorNumber].Bits.Lock == 0) {
|
|
CPU_REGISTER_TABLE_WRITE_FIELD (
|
|
ProcessorNumber,
|
|
Msr,
|
|
MSR_IA32_FEATURE_CONTROL,
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER,
|
|
Bits.SenterLocalFunctionEnables,
|
|
(State) ? 0x7F : 0
|
|
);
|
|
|
|
CPU_REGISTER_TABLE_WRITE_FIELD (
|
|
ProcessorNumber,
|
|
Msr,
|
|
MSR_IA32_FEATURE_CONTROL,
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER,
|
|
Bits.SenterGlobalEnable,
|
|
(State) ? 1 : 0
|
|
);
|
|
|
|
CPU_REGISTER_TABLE_WRITE_FIELD (
|
|
ProcessorNumber,
|
|
Msr,
|
|
MSR_IA32_FEATURE_CONTROL,
|
|
MSR_IA32_FEATURE_CONTROL_REGISTER,
|
|
Bits.EnableVmxInsideSmx,
|
|
(State) ? 1 : 0
|
|
);
|
|
}
|
|
return Status;
|
|
}
|