Fail fast

MmSupervisorPkg/Core/PrivilegeMgmt/SyscallDispatcher.c

@@ -629,13 +629,13 @@ SyscallDispatcher (
   if (EFI_ERROR (Status)) {
     // Prepare the content and try to engage exception handler here
     // TODO: Do buffer preparation
-    ASSERT_EFI_ERROR (Status);
     if (mSmmRebootOnException) {
       DEBUG ((DEBUG_ERROR, "%a - Specifically invoke break point exception to log telemetry.\n", __FUNCTION__));
       CpuBreakpoint ();
       ResetWarm ();
     }
 
+    ASSERT_EFI_ERROR (Status);
     CpuDeadLoop ();
   }
 

MmSupervisorPkg/Core/Services/MpService/MpService.c

@@ -67,6 +67,8 @@ SPIN_LOCK                    *mPFLock = NULL;
 SMM_CPU_SYNC_MODE            mCpuSmmSyncMode;
 BOOLEAN                      mMachineCheckSupported = FALSE;
 MM_COMPLETION                mSmmStartupThisApToken;
+volatile BOOLEAN             mFailFastOccurred = FALSE;
+BASE_LIBRARY_JUMP_BUFFER     *mJumpBuffer = NULL;
 
 //
 // Processor specified by mPackageFirstThreadIndex[PackageIndex] will do the package-scope register check.
@@ -1579,6 +1581,30 @@ CpuSmmDebugExit (
   }
 }
 
+VOID
+EFIAPI
+TriggerFailFast (
+  UINTN         CpuIndex
+  )
+{
+  UINT32      ApicId;
+
+  DEBUG ((DEBUG_ERROR, "%a - Entry.\n", __FUNCTION__));
+
+  // Inject an NMI to the local APIC, which will take effect once we do RSM.
+  ApicId = GetApicId ();
+  SendFixedIpi (ApicId, EXCEPT_IA32_NMI);
+
+  DEBUG ((DEBUG_ERROR, "%a - NMI injected on APIC ID 0x%x.\n", __FUNCTION__, ApicId));
+
+  // Set the error flag, in case we are back in the MM again
+  mFailFastOccurred = TRUE;
+
+  // Resume to non-MM environment
+  DEBUG ((DEBUG_ERROR, "%a - Marked all following MMIs as invalid. Preparing to long jump.\n", __FUNCTION__));
+  LongJump (&mJumpBuffer[CpuIndex], 1);
+}
+
 /**
   C function for SMI entry, each processor comes here upon SMI trigger.
 
@@ -1648,6 +1674,13 @@ SmiRendezvous (
     MpPerfEnd (CpuIndex, SMM_MP_PERF_PROCEDURE_ID (SmmRendezvousEntry));
     );
 
+  //
+  // Fail fast has occurred before, MMI should not function, meaning that MM is defeatured
+  //
+  if (mFailFastOccurred) {
+    goto Exit;
+  }
+
   //
   // Determine if this is a valid SMI
   //
@@ -1773,9 +1806,21 @@ SmiRendezvous (
         //
         // BSP Handler is always called with a ValidSmi == TRUE
         //
-        BSPHandler (CpuIndex, mSmmMpSyncData->EffectiveSyncMode);
+        if (SetJump (&mJumpBuffer[CpuIndex]) == 0){
+          BSPHandler (CpuIndex, mSmmMpSyncData->EffectiveSyncMode);
+        } else {
+          // Fail fast is invoked, we should have injected NMI, return to non-SMM
+          DEBUG ((DEBUG_ERROR, "%a Fail fast triggered on BSP (0x%x), exiting...\n", __FUNCTION__, CpuIndex));
+          goto Exit;
+        }
       } else {
-        APHandler (CpuIndex, ValidSmi, mSmmMpSyncData->EffectiveSyncMode);
+        if (SetJump (&mJumpBuffer[CpuIndex]) == 0){
+          APHandler (CpuIndex, ValidSmi, mSmmMpSyncData->EffectiveSyncMode);
+        } else {
+          // Fail fast is invoked, we should have injected NMI, return to non-SMM
+          DEBUG ((DEBUG_ERROR, "%a Fail fast triggered on AP (0x%x), exiting...\n", __FUNCTION__, CpuIndex));
+          goto Exit;
+        }
       }
     }
 
@@ -2086,6 +2131,11 @@ InitializeMpServiceData (
       );
   }
 
+  mJumpBuffer = AllocatePool (sizeof (BASE_LIBRARY_JUMP_BUFFER) * gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus);
+  if (mJumpBuffer == NULL) {
+    ASSERT (FALSE);
+  }
+
   //
   // Record current MTRR settings
   //

MmSupervisorPkg/Core/Services/MpService/MpService.h

@@ -239,4 +239,10 @@ SmmWaitForApArrival (
   VOID
   );
 
+VOID
+EFIAPI
+TriggerFailFast (
+  UINTN         CpuIndex
+  );
+
 #endif //_MM_CORE_MP_H_

MmSupervisorPkg/Core/Telemetry/Telemetry.c

@@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "Services/CpuService/CpuService.h"
 #include "PrivilegeMgmt/PrivilegeMgmt.h"
 #include "Mem/Mem.h"
+#include "Services/MpService/MpService.h"
 
 #define          MM_SUPV_RETRY_CNT  1
 
@@ -183,13 +184,15 @@ SmmSupervisorMiscExceptionHandler (
 
   ReleaseSpinLock (mCpuExceptionToken);
 
+  TriggerFailFast (CpuIndex);
+
 HaltOrReboot:
   if (mSmmRebootOnException) {
     DEBUG ((DEBUG_ERROR, "%a - Reboot here in test mode.\n", __FUNCTION__));
     ResetWarm ();
   }
 
-  // Should not be here...
+  DEBUG ((DEBUG_ERROR, "%a - The platform elects to hard hang here...\n", __FUNCTION__));
   CpuDeadLoop ();
 }