From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E5E57211CCD5A for ; Thu, 21 Feb 2019 20:16:14 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Feb 2019 20:16:14 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,398,1544515200"; d="scan'208";a="116876446" Received: from jyao1-mobl2.ccr.corp.intel.com ([10.239.192.59]) by orsmga007.jf.intel.com with ESMTP; 21 Feb 2019 20:16:12 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Laszlo Ersek , Yao Jiewen Date: Fri, 22 Feb 2019 12:15:55 +0800 Message-Id: <20190222041558.25312-1-jiewen.yao@intel.com> X-Mailer: git-send-email 2.19.2.windows.1 MIME-Version: 1.0 Subject: [PATCH 0/3] Add SMM CET support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2019 04:16:15 -0000 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521 This patch series implement add CET ShadowStack support for SMM. The CET document can be found at: https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER. Patch 2 adds Control Protection exception (CP#) dump info. Patch 3 adds CET ShadowStack support in SMM. For more detail please refer to each patch. I also post all update to https://github.com/jyao1/edk2/tree/CET Cc: Michael D Kinney Cc: Liming Gao Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Yao Jiewen Jiewen Yao (3): MdePkg/BaseLib: Add Shadow Stack Support for X86. UefiCpuPkg/ExceptionLib: Add CET support. UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM. MdePkg/Include/Library/BaseLib.h | 2 + MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 18 ++- MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 17 ++- MdePkg/Library/BaseLib/X64/LongJump.nasm | 20 ++- MdePkg/Library/BaseLib/X64/SetJump.nasm | 17 ++- .../Include/Library/SmmCpuFeaturesLib.h | 23 +++- .../CpuExceptionCommon.c | 7 +- .../CpuExceptionCommon.h | 3 +- .../Ia32/ArchExceptionHandler.c | 5 +- .../X64/ArchExceptionHandler.c | 5 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 37 ++++++ UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 38 +++++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 98 ++++++++++++++- .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm | 6 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 57 ++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 12 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 97 ++++++++++++-- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 103 ++++++++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 6 +- .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 85 ++++++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 18 ++- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 4 +- UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c | 4 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 38 ++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 39 +++++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 119 +++++++++++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 58 ++++++++- UefiCpuPkg/UefiCpuPkg.dec | 13 +- 28 files changed, 890 insertions(+), 59 deletions(-) create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm -- 2.19.2.windows.1