diff options
Diffstat (limited to 'UefiCpuPkg/CpuMpPei/CpuPaging.c')
| -rw-r--r-- | UefiCpuPkg/CpuMpPei/CpuPaging.c | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c index 3bf0574b34..8ab7dfcce3 100644 --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <Library/MemoryAllocationLib.h>
#include <Library/CpuLib.h>
#include <Library/BaseLib.h>
+#include <Guid/MigratedFvInfo.h>
#include "CpuMpPei.h"
@@ -602,9 +603,11 @@ MemoryDiscoveredPpiNotifyCallback ( IN VOID *Ppi
)
{
- EFI_STATUS Status;
- BOOLEAN InitStackGuard;
- BOOLEAN InterruptState;
+ EFI_STATUS Status;
+ BOOLEAN InitStackGuard;
+ BOOLEAN InterruptState;
+ EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
+ EFI_PEI_HOB_POINTERS Hob;
if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
InterruptState = SaveAndDisableInterrupts ();
@@ -619,9 +622,14 @@ MemoryDiscoveredPpiNotifyCallback ( // the task switch (for the sake of stack switch).
//
InitStackGuard = FALSE;
- if (IsIa32PaeSupported () && PcdGetBool (PcdCpuStackGuard)) {
+ Hob.Raw = NULL;
+ if (IsIa32PaeSupported ()) {
+ Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
+ InitStackGuard = PcdGetBool (PcdCpuStackGuard);
+ }
+
+ if (InitStackGuard || Hob.Raw != NULL) {
EnablePaging ();
- InitStackGuard = TRUE;
}
Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices);
@@ -631,6 +639,20 @@ MemoryDiscoveredPpiNotifyCallback ( SetupStackGuardPage ();
}
+ while (Hob.Raw != NULL) {
+ MigratedFvInfo = GET_GUID_HOB_DATA (Hob);
+
+ //
+ // Enable #PF exception, so if the code access SPI after disable NEM, it will generate
+ // the exception to avoid potential vulnerability.
+ //
+ ConvertMemoryPageAttributes (MigratedFvInfo->FvOrgBase, MigratedFvInfo->FvLength, 0);
+
+ Hob.Raw = GET_NEXT_HOB (Hob);
+ Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw);
+ }
+ CpuFlushTlb ();
+
return Status;
}
|