From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D7C65211CAC9F for ; Fri, 22 Feb 2019 05:30:43 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Feb 2019 05:30:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,399,1544515200"; d="scan'208";a="118276873" Received: from yzhong5-mobl4.ccr.corp.intel.com (HELO jyao1-MOBL2.ccr.corp.intel.com) ([10.254.213.130]) by orsmga006.jf.intel.com with ESMTP; 22 Feb 2019 05:30:41 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Laszlo Ersek , Yao Jiewen Date: Fri, 22 Feb 2019 21:30:32 +0800 Message-Id: <20190222133036.28468-1-jiewen.yao@intel.com> X-Mailer: git-send-email 2.19.2.windows.1 MIME-Version: 1.0 Subject: [PATCH V3 0/4] Add SMM CET support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2019 13:30:44 -0000 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1521 V3: Add Nasm.inc to include CET related instruction as MACRO. This is the only place to use DB. Any other NASM just use the MACRO - SETSSBSY, READSSP_[E|R]AX, INCSSP_[E|R]AX ===================== V2: Fix emulation platform issue. The NT32 platform cannot access CR4 register. So we add a global PCD to choose disable CR4 access in SetJump/LongJump. gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ===================== This patch series implement add CET ShadowStack support for SMM. The CET document can be found at: https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER. Patch 2 adds Control Protection exception (CP#) dump info. Patch 3 adds CET ShadowStack support in SMM. For more detail please refer to each patch. I also post all update to https://github.com/jyao1/edk2/tree/CET_V2 Cc: Michael D Kinney Cc: Liming Gao Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Yao Jiewen Jiewen Yao (4): MdePkg/Include: Add Nasm.inc MdePkg/BaseLib: Add Shadow Stack Support for X86. UefiCpuPkg/ExceptionLib: Add CET support. UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM. MdePkg/Include/Ia32/Nasm.inc | 28 ++++ MdePkg/Include/Library/BaseLib.h | 2 + MdePkg/Include/X64/Nasm.inc | 28 ++++ MdePkg/Library/BaseLib/BaseLib.inf | 3 +- MdePkg/Library/BaseLib/Ia32/LongJump.c | 28 +++- MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 25 +++- MdePkg/Library/BaseLib/Ia32/SetJump.c | 28 +++- MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 23 +++- MdePkg/Library/BaseLib/X64/LongJump.nasm | 27 +++- MdePkg/Library/BaseLib/X64/SetJump.nasm | 23 +++- MdePkg/MdePkg.dec | 7 + .../Include/Library/SmmCpuFeaturesLib.h | 23 +++- .../CpuExceptionCommon.c | 7 +- .../CpuExceptionCommon.h | 3 +- .../Ia32/ArchExceptionHandler.c | 5 +- .../X64/ArchExceptionHandler.c | 5 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 39 ++++++ UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 38 +++++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 99 ++++++++++++++- .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm | 6 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 57 ++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 12 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 97 ++++++++++++-- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 103 ++++++++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 6 +- .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 85 ++++++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 18 ++- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 4 +- UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c | 4 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 40 ++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 39 +++++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 120 +++++++++++++++++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 58 ++++++++- UefiCpuPkg/UefiCpuPkg.dec | 6 +- 34 files changed, 1034 insertions(+), 62 deletions(-) create mode 100644 MdePkg/Include/Ia32/Nasm.inc create mode 100644 MdePkg/Include/X64/Nasm.inc create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm -- 2.19.2.windows.1