From 79186ddcddcabe48eceb58efd296252e3d53b003 Mon Sep 17 00:00:00 2001
From: Ray Ni <ray.ni@intel.com>
Date: Mon, 26 Aug 2019 06:13:17 +0800
Subject: UefiCpuPkg/PiSmmCpu: Restrict access per
 PcdCpuSmmRestrictedMemoryAccess

Today's behavior is to always restrict access to non-SMRAM regardless
the value of PcdCpuSmmRestrictedMemoryAccess.

Because RAS components require to access all non-SMRAM memory, the
patch changes the code logic to honor PcdCpuSmmRestrictedMemoryAccess
so that only when the PCD is true, the restriction takes affect and
page table memory is also protected.

Because IA32 build doesn't reference this PCD, such restriction
always takes affect in IA32 build.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'UefiCpuPkg/PiSmmCpuDxeSmm/X64')

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index 7516f35055..733d107efd 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -1252,3 +1252,17 @@ RestoreCr2 (
     AsmWriteCr2 (Cr2);
   }
 }
+
+/**
+  Return whether access to non-SMRAM is restricted.
+
+  @retval TRUE  Access to non-SMRAM is restricted.
+  @retval FALSE Access to non-SMRAM is not restricted.
+*/
+BOOLEAN
+IsRestrictedMemoryAccess (
+  VOID
+  )
+{
+  return mCpuSmmRestrictedMemoryAccess;
+}
-- 
cgit v1.2.3