From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 2E34A7803DB for ; Fri, 3 Nov 2023 05:35:22 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=6CAtwOjfEUCxU3PeFE7Z75a8SVmjQ1kVAPl5EnrEyoY=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1698989720; v=1; b=GHWtguasvDH+hZ+a5ssmVjYOh0n5V1nDliJ0ApzgROQSrKAlEO0QiCTqE6vwPLmsCM1xnGIi E5WZQRoxO+8O2Ps88GD7gqeskN3PxNAlz/7Jas4ohTQFAY3UTTNPA5mY2DxkfnLy+0til2LvmE9 loTRdRQM4K4kiJQQ64q5pvPw= X-Received: by 127.0.0.2 with SMTP id Wd3DYY7687511xRgnkKllxC9; Thu, 02 Nov 2023 22:35:20 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.30692.1698989719806020273 for ; Thu, 02 Nov 2023 22:35:20 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10882"; a="368228321" X-IronPort-AV: E=Sophos;i="6.03,273,1694761200"; d="scan'208";a="368228321" X-Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Nov 2023 22:35:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10882"; a="827379752" X-IronPort-AV: E=Sophos;i="6.03,273,1694761200"; d="scan'208";a="827379752" X-Received: from shwdesssddpdwei.ccr.corp.intel.com ([10.239.157.28]) by fmsmga008.fm.intel.com with ESMTP; 02 Nov 2023 22:35:13 -0700 
From: "Sheng Wei" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Laszlo Ersek , Wu Jiaxin , Tan Dun Subject: [edk2-devel] [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET Date: Fri, 3 Nov 2023 13:35:10 +0800 Message-Id: <20231103053510.1943-1-w.sheng@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,w.sheng@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: chUhIyiW0ZrFYva2S1Dk75Flx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=GHWtguas; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Clear CR4.CET bit before restoring MSR IA32_S_CET. Backup/restore MSR IA32_U_CET in SMI. Use current CR4 value when changing CR4.CET. Initial mSmmInterruptSspTables to 0. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 62 +++++++++++++---- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 72 ++++++++++++++++---- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- 3 files changed, 107 insertions(+), 29 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSm= mCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..a087576a54 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm 
@@ -16,18 +16,19 @@
 %include "StuffRsbNasm.inc"=0D
 %include "Nasm.inc"=0D
 =0D
+%define MSR_IA32_U_CET 0x6A0=0D
 %define MSR_IA32_S_CET 0x6A2=0D
-%define MSR_IA32_CET_SH_STK_EN 0x1=0D
-%define MSR_IA32_CET_WR_SHSTK_EN 0x2=0D
-%define MSR_IA32_CET_ENDBR_EN 0x4=0D
-%define MSR_IA32_CET_LEG_IW_EN 0x8=0D
-%define MSR_IA32_CET_NO_TRACK_EN 0x10=0D
-%define MSR_IA32_CET_SUPPRESS_DIS 0x20=0D
-%define MSR_IA32_CET_SUPPRESS 0x400=0D
-%define MSR_IA32_CET_TRACKER 0x800=0D
+%define MSR_IA32_CET_SH_STK_EN 0x1=0D
+%define MSR_IA32_CET_WR_SHSTK_EN 0x2=0D
+%define MSR_IA32_CET_ENDBR_EN 0x4=0D
+%define MSR_IA32_CET_LEG_IW_EN 0x8=0D
+%define MSR_IA32_CET_NO_TRACK_EN 0x10=0D
+%define MSR_IA32_CET_SUPPRESS_DIS 0x20=0D
+%define MSR_IA32_CET_SUPPRESS 0x400=0D
+%define MSR_IA32_CET_TRACKER 0x800=0D
 %define MSR_IA32_PL0_SSP 0x6A4=0D
 =0D
-%define CR4_CET 0x800000=0D
+%define CR4_CET_BIT 23=0D
 =0D
 %define MSR_IA32_MISC_ENABLE 0x1A0=0D
 %define MSR_EFER 0xc0000080=0D
@@ -214,11 +215,21 @@ ASM_PFX(mPatchCetSupported):
 push edx=0D
 push eax=0D
 =0D
+ mov ecx, MSR_IA32_U_CET=0D
+ rdmsr=0D
+ push edx=0D
+ push eax=0D
+=0D
 mov ecx, MSR_IA32_PL0_SSP=0D
 rdmsr=0D
 push edx=0D
 push eax=0D
 =0D
+ mov ecx, MSR_IA32_U_CET=0D
+ xor eax, eax=0D
+ xor edx, edx=0D
+ wrmsr=0D
+=0D
 mov ecx, MSR_IA32_S_CET=0D
 mov eax, MSR_IA32_CET_SH_STK_EN=0D
 xor edx, edx=0D
@@ -249,7 +260,8 @@ CetInterruptDone:
 bts ecx, 16 ; set WP=0D
 mov cr0, ecx=0D
 =0D
- mov eax, 0x668 | CR4_CET=0D
+ mov eax, cr4=0D
+ bts eax, CR4_CET_BIT=0D
 mov cr4, eax=0D
 =0D
 setssbsy=0D
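Review bot: The IA32_U_CET save and the zero write added in the `@@ -214` hunk carry no comment, and the commit message does not say why a user-mode CET MSR must be cleared while the SMI handler runs. The exit path is only correct if its pops mirror this push order exactly, so a comment at the first push such as `; CET state saved on stack, top first: PL0_SSP, U_CET, S_CET - exit path pops in this order` would make that dependency visible. The X64 `@@ -230` and `@@ -246` hunks need the same comment, where IA32_INTERRUPT_SSP_TABLE_ADDR appears to be pushed on top. The save sequence starts above the hunk, so the pairing is only partly visible here.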
@@ -276,18 +288,30 @@ CetDone:
 cmp al, 0=0D
 jz CetDone2=0D
 =0D
- mov eax, 0x668=0D
- mov cr4, eax ; disable CET=0D
+ mov ecx, MSR_IA32_S_CET=0D
+ xor eax, eax=0D
+ xor edx, edx=0D
+ wrmsr=0D
+=0D
+ ; clear CR4.CET bit=0D
+ mov eax, cr4=0D
+ btr eax, CR4_CET_BIT=0D
+ mov cr4, eax=0D
 =0D
 mov ecx, MSR_IA32_PL0_SSP=0D
 pop eax=0D
 pop edx=0D
 wrmsr=0D
 =0D
- mov ecx, MSR_IA32_S_CET=0D
+ mov ecx, MSR_IA32_U_CET=0D
 pop eax=0D
 pop edx=0D
 wrmsr=0D
+=0D
+ mov ecx, MSR_IA32_S_CET=0D
+ pop eax=0D
+ pop edx=0D
+ mov ebx, eax=0D
 CetDone2:=0D
 =0D
 mov eax, ASM_PFX(mXdSupported)=0D
@@ -305,6 +329,18 @@ CetDone2:
 .7:=0D
 =0D
 StuffRsb32=0D
+=0D
+ mov eax, ASM_PFX(mCetSupported)=0D
+ mov al, [eax]=0D
+ cmp al, 0=0D
+ jz CetDone3=0D
+=0D
+ mov ecx, MSR_IA32_S_CET=0D
+ mov eax, ebx=0D
+ xor edx, edx=0D
+ wrmsr=0D
+CetDone3:=0D
+=0D
 rsm=0D
 =0D
 ASM_PFX(gcSmiHandlerSize): DW $ - _SmiEntryPoint=0D
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmm= CpuDxeSmm/X64/SmiEntry.nasm
index d302ca8d01..7aed7c8dda 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
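Review bot: The upper 32 bits of the saved IA32_S_CET value are dropped on the exit path in the `@@ -276` hunk: `pop edx` retrieves them, but only `mov ebx, eax` is kept, and the deferred restore in the `@@ -305` hunk writes the MSR after `xor edx, edx`. The removed code restored the full EDX:EAX pair, so this is a behaviour change for any saved value with a non-zero high half (the legacy-bitmap base field of IA32_S_CET extends above bit 31). Carry the high dword to the final `wrmsr` as well: hold it in a second register that the XD restore and `StuffRsb32` leave untouched, and load `edx` from it instead of zeroing it. The X64 hunks `@@ -334` and `@@ -356` have the same pattern around `mov ebx, eax`.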
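Review bot: `mov eax, ebx` ahead of the final `wrmsr` in the `@@ -305` hunk relies on EBX surviving everything between `CetDone2` and this point, including the XD restore and the `StuffRsb32` macro, neither of which is fully visible in the hunk. Nothing marks EBX as live, so a later edit to either could silently corrupt the value written back to IA32_S_CET on the way out of SMM. Add a comment at the save site, e.g. `; ebx = saved IA32_S_CET[31:0], live until the wrmsr before rsm`, and one at the restore stating why it is deferred past `StuffRsb32`. The X64 `@@ -356` hunk needs the same two comments.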
@@ -20,19 +20,20 @@
 ; Variables referenced by C code=0D
 ;=0D
 =0D
+%define MSR_IA32_U_CET 0x6A0=0D
 %define MSR_IA32_S_CET 0x6A2=0D
-%define MSR_IA32_CET_SH_STK_EN 0x1=0D
-%define MSR_IA32_CET_WR_SHSTK_EN 0x2=0D
-%define MSR_IA32_CET_ENDBR_EN 0x4=0D
-%define MSR_IA32_CET_LEG_IW_EN 0x8=0D
-%define MSR_IA32_CET_NO_TRACK_EN 0x10=0D
-%define MSR_IA32_CET_SUPPRESS_DIS 0x20=0D
-%define MSR_IA32_CET_SUPPRESS 0x400=0D
-%define MSR_IA32_CET_TRACKER 0x800=0D
+%define MSR_IA32_CET_SH_STK_EN 0x1=0D
+%define MSR_IA32_CET_WR_SHSTK_EN 0x2=0D
+%define MSR_IA32_CET_ENDBR_EN 0x4=0D
+%define MSR_IA32_CET_LEG_IW_EN 0x8=0D
+%define MSR_IA32_CET_NO_TRACK_EN 0x10=0D
+%define MSR_IA32_CET_SUPPRESS_DIS 0x20=0D
+%define MSR_IA32_CET_SUPPRESS 0x400=0D
+%define MSR_IA32_CET_TRACKER 0x800=0D
 %define MSR_IA32_PL0_SSP 0x6A4=0D
 %define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8=0D
 =0D
-%define CR4_CET 0x800000=0D
+%define CR4_CET_BIT 23=0D
 =0D
 %define MSR_IA32_MISC_ENABLE 0x1A0=0D
 %define MSR_EFER 0xc0000080=0D
@@ -230,6 +231,11 @@ ASM_PFX(mPatchCetSupported):
 push rdx=0D
 push rax=0D
 =0D
+ mov ecx, MSR_IA32_U_CET=0D
+ rdmsr=0D
+ push rdx=0D
+ push rax=0D
+=0D
 mov ecx, MSR_IA32_PL0_SSP=0D
 rdmsr=0D
 push rdx=0D
@@ -240,6 +246,11 @@ ASM_PFX(mPatchCetSupported):
 push rdx=0D
 push rax=0D
 =0D
+ mov ecx, MSR_IA32_U_CET=0D
+ xor eax, eax=0D
+ xor edx, edx=0D
+ wrmsr=0D
+=0D
 mov ecx, MSR_IA32_S_CET=0D
 mov eax, MSR_IA32_CET_SH_STK_EN=0D
 xor edx, edx=0D
@@ -276,7 +287,8 @@ CetInterruptDone:
 bts ecx, 16 ; set WP=0D
 mov cr0, rcx=0D
 =0D
- mov eax, 0x668 | CR4_CET=0D
+ mov rax, cr4=0D
+ bts rax, CR4_CET_BIT=0D
 mov cr4, rax=0D
 =0D
 setssbsy=0D
@@ -316,13 +328,20 @@ CpuSmmDebugExitAbsAddr:
 add rsp, 0x200=0D
 =0D
 mov rax, strict qword 0 ; mov rax, ASM_PFX(mCetSuppo= rted)=0D
-mCetSupportedAbsAddr:=0D
+mCetSupportedAbsAddr1:=0D
 mov al, [rax]=0D
 cmp al, 0=0D
 jz CetDone2=0D
 =0D
- mov eax, 0x668=0D
- mov cr4, rax ; disable CET=0D
+ mov ecx, MSR_IA32_S_CET=0D
+ xor eax, eax=0D
+ xor edx, edx=0D
+ wrmsr=0D
+=0D
+ ; clear CR4.CET bit=0D
+ mov rax, cr4=0D
+ btr rax, CR4_CET_BIT=0D
+ mov cr4, rax=0D
 =0D
 mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR=0D
 pop rax=0D
@@ -334,10 +353,15 @@ mCetSupportedAbsAddr:
 pop rdx=0D
 wrmsr=0D
 =0D
- mov ecx, MSR_IA32_S_CET=0D
+ mov ecx, MSR_IA32_U_CET=0D
 pop rax=0D
 pop rdx=0D
 wrmsr=0D
+=0D
+ mov ecx, MSR_IA32_S_CET=0D
+ pop rax=0D
+ pop rdx=0D
+ mov ebx, eax=0D
 CetDone2:=0D
 =0D
 mov rax, strict qword 0 ; lea rax, [ASM_PFX(mXdS= upported)]=0D
@@ -356,6 +380,19 @@ mXdSupportedAbsAddr:
 .1:=0D
 =0D
 StuffRsb64=0D
+=0D
+ mov rax, strict qword 0 ; mov rax, ASM_PFX(mCetSuppo= rted)=0D
+mCetSupportedAbsAddr2:=0D
+ mov al, [rax]=0D
+ cmp al, 0=0D
+ jz CetDone3=0D
+=0D
+ mov ecx, MSR_IA32_S_CET=0D
+ mov eax, ebx=0D
+ xor edx, edx=0D
+ wrmsr=0D
+CetDone3:=0D
+=0D
 rsm=0D
 =0D
 ASM_PFX(gcSmiHandlerSize) DW $ - _SmiEntryPoint=0D
@@ -391,6 +428,11 @@ ASM_PFX(PiSmmCpuSmiEntryFixupAddress):
 mov qword [rcx - 8], rax=0D
 =0D
 lea rax, [ASM_PFX(mCetSupported)]=0D
- lea rcx, [mCetSupportedAbsAddr]=0D
+ lea rcx, [mCetSupportedAbsAddr1]=0D
 mov qword [rcx - 8], rax=0D
+=0D
+ lea rax, [ASM_PFX(mCetSupported)]=0D
+ lea rcx, [mCetSupportedAbsAddr2]=0D
+ mov qword [rcx - 8], rax=0D
+=0D
 ret=0D
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSm= mCpuDxeSmm/X64/SmmFuncsArch.c
index c4f21e2155..6c53213b0b 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
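Review bot: The fixup added in the `@@ -391` hunk stores through `[rcx - 8]`, which overwrites the imm64 of whatever instruction sits directly before the label, so `mCetSupportedAbsAddr1` and `mCetSupportedAbsAddr2` must each immediately follow their `mov rax, strict qword 0`. Nothing at either label states that, so a comment such as `; label must directly follow the 10-byte mov: fixup patches [label - 8]` would stop a later edit from inserting an instruction between them and having the fixup patch the wrong bytes in the SMI entry code. As a smaller style point, the second `lea rax, [ASM_PFX(mCetSupported)]` is redundant because the preceding `mov qword [rcx - 8], rax` leaves RAX unchanged. `PiSmmCpuSmiEntryFixupAddress` begins above the hunk.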
@@ -20,7 +20,7 @@ UINT32 mCetPl0Ssp;
 UINT32 mCetInterruptSsp;=0D
 UINT32 mCetInterruptSspTable;=0D
 =0D
-UINTN mSmmInterruptSspTables;=0D
+UINTN mSmmInterruptSspTables =3D 0;=0D
 =0D
 /**=0D
 Initialize IDT IST Field.=0D
--=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110605): https://edk2.groups.io/g/devel/message/110605 Mute This Topic: https://groups.io/mt/102358752/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-