From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Initialize the fixed previous shadow stack token.
From: "Laszlo Ersek"
To: Sheng Wei, devel@edk2.groups.io
Cc: Eric Dong, Ray Ni, Rahul Kumar, Jiewen Yao
References: <20210613043638.4208-1-w.sheng@intel.com> <2905f738-c08a-a9fd-4770-6fcd80907a72@redhat.com>
Message-ID: <05fb0002-ec91-4121-ae79-3103ec3f2df7@redhat.com>
Date: Tue, 22 Jun 2021 16:08:51 +0200
In-Reply-To: <2905f738-c08a-a9fd-4770-6fcd80907a72@redhat.com>

On 06/22/21 16:05, Laszlo Ersek wrote:
> On 06/13/21 06:36, Sheng Wei wrote:
>> The fixed previous shadow stack token should be initialized as UINT64.
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3192

(4) Please open a new BZ ticket for this issue. (It's OK to add the
previous ticket number, 3192, to the "See Also" field of the new ticket,
and to make a new comment on the old ticket as well.)

BZ#3192 was moved to RESOLVED|FIXED state in March, and commit
0930e7ff6428 has been part of two stable tags since; namely
edk2-stable202102 and edk2-stable202105. At this point, BZ#3192 should
no longer be modified; the issue needs to be tracked by a new ticket.

Thanks
Laszlo

>>
>> Signed-off-by: Sheng Wei
>> Cc: Eric Dong
>> Cc: Ray Ni
>> Cc: Laszlo Ersek
>> Cc: Rahul Kumar
>> Cc: Jiewen Yao
>> --- >> UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c >> index 661c1ba294..ca3f5ff91a 100644 >> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c >> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
>> @@ -202,7 +202,7 @@ InitShadowStack ( >> // Please refer to UefiCpuPkg/Library/CpuExceptionHandlerLib/X64 for the full stack frame at runtime. >> // >> InterruptSsp = (UINT32)((UINTN)ShadowStack + EFI_PAGES_TO_SIZE(1) - sizeof(UINT64)); >> - *(UINT32 *)(UINTN)InterruptSsp = (InterruptSsp - sizeof(UINT64) * 4) | 0x2; >> + *(UINT64 *)(UINTN)InterruptSsp = (InterruptSsp - sizeof(UINT64) * 4) | 0x2; >> mCetInterruptSsp = InterruptSsp - sizeof(UINT64); >> >> mCetInterruptSspTable = (UINT32)(UINTN)(mSmmInterruptSspTables + sizeof(UINT64) * 8 * CpuIndex); >>
>
> (1) Please add the following line to the commit message:
>
>   Fixes: 0930e7ff64281017762c8c055bab38925944c724
>
> (2) The subject line is quite confusing; how about:
>
>   UefiCpuPkg/PiSmmCpuDxeSmm: initialize shadow stack token as UINT64
>
> (3) Commit 0930e7ff6428 ("UefiCpuPkg/CpuExceptionHandlerLib: Clear CET
> shadow stack token busy bit", 2021-03-02) was reviewed by Jiewen and
> Ray; I'd like to ask them to review this fix as well.
>
> Thanks
> Laszlo
>
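
Review bot: on the changed store in InitShadowStack, the token value is still built from InterruptSsp, which the context line above assigns through a (UINT32) cast, so the widened 8-byte write relies on the shadow stack address fitting in 32 bits and fills the upper half of the slot from that truncated value. The commit message should state the actual defect: the old UINT32 store initialized only the low 4 bytes of the 8-byte token and left the high 4 bytes to whatever the page already held. Next to the cast, a short comment or an ASSERT on ShadowStack documenting the below-4-GB assumption would make that dependency visible, and a comment or named constant for the "| 0x2" flag and the "sizeof(UINT64) * 4" offset would make the token layout checkable against the CpuExceptionHandlerLib stack frame the comment refers to.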