From patchwork Wed Jun  1 19:03:30 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laszlo Ersek <lersek@redhat.com>
X-Patchwork-Id: 69059
Delivered-To: patch@linaro.org
Received: by 10.140.92.199 with SMTP id b65csp259480qge;
 Wed, 1 Jun 2016 12:03:41 -0700 (PDT)
X-Received: by 10.98.102.205 with SMTP id s74mr11606304pfj.54.1464807821386; 
 Wed, 01 Jun 2016 12:03:41 -0700 (PDT)
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [2001:19d0:306:5::1])
 by mx.google.com with ESMTPS id
 g13si52673416pfg.160.2016.06.01.12.03.41
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 01 Jun 2016 12:03:41 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender) client-ip=2001:19d0:306:5::1; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 76C271A1DF5;
 Wed,  1 Jun 2016 12:03:56 -0700 (PDT)
X-Original-To: edk2-devel@ml01.01.org
Delivered-To: edk2-devel@ml01.01.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 8BEC71A1DF5
 for <edk2-devel@ml01.01.org>; Wed,  1 Jun 2016 12:03:54 -0700 (PDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
 (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 9BFFE80500;
 Wed,  1 Jun 2016 19:03:38 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com
 (ovpn-116-149.phx2.redhat.com [10.3.116.149])
 by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
 ESMTP id u51J3ZgK032052; Wed, 1 Jun 2016 15:03:37 -0400
From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@ml01.01.org>
Date: Wed,  1 Jun 2016 21:03:30 +0200
Message-Id: <1464807811-14917-2-git-send-email-lersek@redhat.com>
In-Reply-To: <1464807811-14917-1-git-send-email-lersek@redhat.com>
References: <1464807811-14917-1-git-send-email-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.27]); Wed, 01 Jun 2016 19:03:38 +0000 (UTC)
Subject: [edk2] [PATCH 1/2] UefiCpuPkg: change PcdCpuSmmStackGuard default
 to TRUE
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Jiewen Yao <jiewen.yao@intel.com>, Jeff Fan <jeff.fan@intel.com>
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

This Feature PCD causes PiSmmCpuDxe to catch SMM stack overflow at
runtime, logging a clear error message, and entering a CPU dead loop.
Compared to the chaotic and catastrophic consequences of the stack leaking
into, and corrupting, the SMM page table, a stack guard that is enabled by
default is vastly superior.

We should not require sane platforms to explicitly opt in to this
safeguard; instead, we should require platforms that prefer to live
dangerously to opt out of it.

Stack overflow in SMM might even give rise to security vulnerabilities.

Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/12864
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1341733
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 UefiCpuPkg/UefiCpuPkg.dec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
1.8.3.1


_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 16637dfdc14b..ef46318a8935 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -85,11 +85,11 @@ [PcdsFeatureFlag]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmBlockStartupThisAp|FALSE|BOOLEAN|0x32132108
 
   ## Indicates if SMM Stack Guard will be enabled.
-  #  If enabled, stack overflow in SMM can be caught which eases debugging.<BR><BR>
+  #  If enabled, stack overflow in SMM can be caught, preventing chaotic consequences.<BR><BR>
   #   TRUE  - SMM Stack Guard will be enabled.<BR>
   #   FALSE - SMM Stack Guard will be disabled.<BR>
   # @Prompt Enable SMM Stack Guard.
-  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|FALSE|BOOLEAN|0x1000001C
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|TRUE|BOOLEAN|0x1000001C
 
   ## Indicates if BSP election in SMM will be enabled.
   #  If enabled, a BSP will be dynamically elected among all processors in each SMI.