* [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files.
@ 2023-11-15 4:12 Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 1/6] " Sheng Wei
` (5 more replies)
0 siblings, 6 replies; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel
Patch V5:
File cet.inc will be used in both MdePkg UefiCpuPkg.
Move cet.inc file from UefiCpuPkg to MdePkg.
Use macro CR4_CET_BIT to replace hard code value for
both LongJump.nasm and SetJump.nasm.
Patch V4:
Separate the changes to 5 patches.
1) Add macro definitions for CET feature for NASM files.
2) Use macro CR4_CET_BIT to replace hard code value in Cet.nasm.
3) Use CET macro definitions in Cet.inc for SmiEntry.nasm files.
4) Only change CR4.CET bit for enable/disable CET.
5) Backup and Restore MSR IA32_U_CET in SMI handler.
Remove some unused code.
It is no need to clear MSR IA32_S_CET,
because clear CR4.CET bit will disable all CET functions.
Since CET is disabled between clear CR4.CET and run 'rsm',
it is no need to delay MSR IA32_S_CET restoration.
Patch V3:
Remove the 3rd patch. mSmmInterruptSspTables is a global variable.
It is unnecessary to initializ it to zero manually.
Patch V2:
No function change with Patch V1.
Split the patch to into 3 separate patches.
Sheng Wei (6):
MdePkg: Add macro definitions for CET feature for NASM files.
UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in
Cet.nasm.
UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm
files.
UefiCpuPkg: Only change CR4.CET bit for enable and disable CET.
UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
MdePkg: Use macro CR4_CET_BIT to replace hard code value.
MdePkg/Include/Cet.inc | 26 +++++++++++++
MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 3 +-
MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 +-
MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 +-
MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 +-
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 ++-
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 39 +++++++++++--------
UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 ++-
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 40 +++++++++++---------
9 files changed, 86 insertions(+), 41 deletions(-)
create mode 100644 MdePkg/Include/Cet.inc
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111234): https://edk2.groups.io/g/devel/message/111234
Mute This Topic: https://groups.io/mt/102599348/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 10+ messages in thread
* [edk2-devel] [PATCH v5 1/6] MdePkg: Add macro definitions for CET feature for NASM files.
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
@ 2023-11-15 4:12 ` Sheng Wei
2023-11-15 10:38 ` Laszlo Ersek
2023-11-21 5:31 ` Ni, Ray
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 2/6] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm Sheng Wei
` (4 subsequent siblings)
5 siblings, 2 replies; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Laszlo Ersek, Wu Jiaxin, Tan Dun
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
MdePkg/Include/Cet.inc | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 MdePkg/Include/Cet.inc
diff --git a/MdePkg/Include/Cet.inc b/MdePkg/Include/Cet.inc
new file mode 100644
index 0000000000..a4038a0682
--- /dev/null
+++ b/MdePkg/Include/Cet.inc
@@ -0,0 +1,26 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Abstract:
+;
+; This file provides macro definitions for CET feature for NASM files.
+;
+;------------------------------------------------------------------------------
+
+%define MSR_IA32_U_CET 0x6A0
+%define MSR_IA32_S_CET 0x6A2
+%define MSR_IA32_CET_SH_STK_EN 0x1
+%define MSR_IA32_CET_WR_SHSTK_EN 0x2
+%define MSR_IA32_CET_ENDBR_EN 0x4
+%define MSR_IA32_CET_LEG_IW_EN 0x8
+%define MSR_IA32_CET_NO_TRACK_EN 0x10
+%define MSR_IA32_CET_SUPPRESS_DIS 0x20
+%define MSR_IA32_CET_SUPPRESS 0x400
+%define MSR_IA32_CET_TRACKER 0x800
+%define MSR_IA32_PL0_SSP 0x6A4
+%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8
+
+%define CR4_CET_BIT 23
+%define CR4_CET 0x800000
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111235): https://edk2.groups.io/g/devel/message/111235
Mute This Topic: https://groups.io/mt/102599349/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [edk2-devel] [PATCH v5 2/6] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm.
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 1/6] " Sheng Wei
@ 2023-11-15 4:12 ` Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 3/6] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files Sheng Wei
` (3 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Laszlo Ersek, Wu Jiaxin, Tan Dun
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 +++--
UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
index 9d66b9c5da..3d07da1cd4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm
@@ -5,6 +5,7 @@
;-------------------------------------------------------------------------------
%include "Nasm.inc"
+%include "Cet.inc"
SECTION .text
@@ -16,7 +17,7 @@ ASM_PFX(DisableCet):
incsspd eax
mov eax, cr4
- btr eax, 23 ; clear CET
+ btr eax, CR4_CET_BIT ; clear CET
mov cr4, eax
ret
@@ -24,7 +25,7 @@ global ASM_PFX(EnableCet)
ASM_PFX(EnableCet):
mov eax, cr4
- bts eax, 23 ; set CET
+ bts eax, CR4_CET_BIT ; set CET
mov cr4, eax
; use jmp to skip the check for ret
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm
index 8bbdbb31cc..700aef4703 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm
@@ -5,6 +5,7 @@
;-------------------------------------------------------------------------------
%include "Nasm.inc"
+%include "Cet.inc"
DEFAULT REL
SECTION .text
@@ -17,7 +18,7 @@ ASM_PFX(DisableCet):
incsspq rax
mov rax, cr4
- btr eax, 23 ; clear CET
+ btr eax, CR4_CET_BIT ; clear CET
mov cr4, rax
ret
@@ -25,7 +26,7 @@ global ASM_PFX(EnableCet)
ASM_PFX(EnableCet):
mov rax, cr4
- bts eax, 23 ; set CET
+ bts eax, CR4_CET_BIT ; set CET
mov cr4, rax
; use jmp to skip the check for ret
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111236): https://edk2.groups.io/g/devel/message/111236
Mute This Topic: https://groups.io/mt/102599350/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [edk2-devel] [PATCH v5 3/6] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files.
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 1/6] " Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 2/6] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm Sheng Wei
@ 2023-11-15 4:12 ` Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 4/6] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET Sheng Wei
` (2 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Laszlo Ersek, Wu Jiaxin, Tan Dun
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 14 +-------------
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +--------------
2 files changed, 2 insertions(+), 27 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
index 19de5f614e..6368982433 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
@@ -15,19 +15,7 @@
%include "StuffRsbNasm.inc"
%include "Nasm.inc"
-
-%define MSR_IA32_S_CET 0x6A2
-%define MSR_IA32_CET_SH_STK_EN 0x1
-%define MSR_IA32_CET_WR_SHSTK_EN 0x2
-%define MSR_IA32_CET_ENDBR_EN 0x4
-%define MSR_IA32_CET_LEG_IW_EN 0x8
-%define MSR_IA32_CET_NO_TRACK_EN 0x10
-%define MSR_IA32_CET_SUPPRESS_DIS 0x20
-%define MSR_IA32_CET_SUPPRESS 0x400
-%define MSR_IA32_CET_TRACKER 0x800
-%define MSR_IA32_PL0_SSP 0x6A4
-
-%define CR4_CET 0x800000
+%include "Cet.inc"
%define MSR_IA32_MISC_ENABLE 0x1A0
%define MSR_EFER 0xc0000080
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
index d302ca8d01..9a225bc3be 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -15,25 +15,12 @@
%include "StuffRsbNasm.inc"
%include "Nasm.inc"
+%include "Cet.inc"
;
; Variables referenced by C code
;
-%define MSR_IA32_S_CET 0x6A2
-%define MSR_IA32_CET_SH_STK_EN 0x1
-%define MSR_IA32_CET_WR_SHSTK_EN 0x2
-%define MSR_IA32_CET_ENDBR_EN 0x4
-%define MSR_IA32_CET_LEG_IW_EN 0x8
-%define MSR_IA32_CET_NO_TRACK_EN 0x10
-%define MSR_IA32_CET_SUPPRESS_DIS 0x20
-%define MSR_IA32_CET_SUPPRESS 0x400
-%define MSR_IA32_CET_TRACKER 0x800
-%define MSR_IA32_PL0_SSP 0x6A4
-%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8
-
-%define CR4_CET 0x800000
-
%define MSR_IA32_MISC_ENABLE 0x1A0
%define MSR_EFER 0xc0000080
%define MSR_EFER_XD 0x800
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111237): https://edk2.groups.io/g/devel/message/111237
Mute This Topic: https://groups.io/mt/102599352/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [edk2-devel] [PATCH v5 4/6] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET.
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
` (2 preceding siblings ...)
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 3/6] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files Sheng Wei
@ 2023-11-15 4:12 ` Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value Sheng Wei
5 siblings, 0 replies; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Laszlo Ersek, Wu Jiaxin, Tan Dun
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 10 +++++++---
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 10 +++++++---
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
index 6368982433..1da9afab97 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
@@ -237,7 +237,9 @@ CetInterruptDone:
bts ecx, 16 ; set WP
mov cr0, ecx
- mov eax, 0x668 | CR4_CET
+ ; set CR4.CET bit for enable CET
+ mov eax, cr4
+ bts eax, CR4_CET_BIT
mov cr4, eax
setssbsy
@@ -264,8 +266,10 @@ CetDone:
cmp al, 0
jz CetDone2
- mov eax, 0x668
- mov cr4, eax ; disable CET
+ ; clear CR4.CET bit for disable CET
+ mov eax, cr4
+ btr eax, CR4_CET_BIT
+ mov cr4, eax
mov ecx, MSR_IA32_PL0_SSP
pop eax
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
index 9a225bc3be..abf9f1a90a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -263,7 +263,9 @@ CetInterruptDone:
bts ecx, 16 ; set WP
mov cr0, rcx
- mov eax, 0x668 | CR4_CET
+ ; set CR4.CET bit for enable CET
+ mov rax, cr4
+ bts rax, CR4_CET_BIT
mov cr4, rax
setssbsy
@@ -308,8 +310,10 @@ mCetSupportedAbsAddr:
cmp al, 0
jz CetDone2
- mov eax, 0x668
- mov cr4, rax ; disable CET
+ ; clear CR4.CET bit for disable CET
+ mov rax, cr4
+ btr rax, CR4_CET_BIT
+ mov cr4, rax
mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR
pop rax
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111238): https://edk2.groups.io/g/devel/message/111238
Mute This Topic: https://groups.io/mt/102599354/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [edk2-devel] [PATCH v5 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
` (3 preceding siblings ...)
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 4/6] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET Sheng Wei
@ 2023-11-15 4:12 ` Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value Sheng Wei
5 siblings, 0 replies; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Laszlo Ersek, Wu Jiaxin, Tan Dun
OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2.
If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and
the next assemble code is not ENDBR, it will trigger #CP exception
when set CR4.CET bit.
SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET
before set CR4.CET bit,
And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler.
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
index 1da9afab97..9e1155dee6 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
@@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported):
push edx
push eax
+ mov ecx, MSR_IA32_U_CET
+ rdmsr
+ push edx
+ push eax
+
mov ecx, MSR_IA32_PL0_SSP
rdmsr
push edx
push eax
+ mov ecx, MSR_IA32_U_CET
+ xor eax, eax
+ xor edx, edx
+ wrmsr
+
mov ecx, MSR_IA32_S_CET
mov eax, MSR_IA32_CET_SH_STK_EN
xor edx, edx
@@ -276,6 +286,11 @@ CetDone:
pop edx
wrmsr
+ mov ecx, MSR_IA32_U_CET
+ pop eax
+ pop edx
+ wrmsr
+
mov ecx, MSR_IA32_S_CET
pop eax
pop edx
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
index abf9f1a90a..881d3177f7 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported):
push rdx
push rax
+ mov ecx, MSR_IA32_U_CET
+ rdmsr
+ push rdx
+ push rax
+
mov ecx, MSR_IA32_PL0_SSP
rdmsr
push rdx
@@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported):
push rdx
push rax
+ mov ecx, MSR_IA32_U_CET
+ xor eax, eax
+ xor edx, edx
+ wrmsr
+
mov ecx, MSR_IA32_S_CET
mov eax, MSR_IA32_CET_SH_STK_EN
xor edx, edx
@@ -325,6 +335,11 @@ mCetSupportedAbsAddr:
pop rdx
wrmsr
+ mov ecx, MSR_IA32_U_CET
+ pop rax
+ pop rdx
+ wrmsr
+
mov ecx, MSR_IA32_S_CET
pop rax
pop rdx
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111239): https://edk2.groups.io/g/devel/message/111239
Mute This Topic: https://groups.io/mt/102599355/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value.
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
` (4 preceding siblings ...)
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler Sheng Wei
@ 2023-11-15 4:12 ` Sheng Wei
2023-11-15 10:37 ` Laszlo Ersek
5 siblings, 1 reply; 10+ messages in thread
From: Sheng Wei @ 2023-11-15 4:12 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Laszlo Ersek, Wu Jiaxin, Tan Dun
The macro is used in file LongJump.nasm and SetJump.nasm.
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
---
MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 3 ++-
MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 ++-
MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 ++-
MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 ++-
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
index 6c13dfe307..df1bf9749e 100644
--- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
+++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
@@ -14,6 +14,7 @@
;------------------------------------------------------------------------------
%include "Nasm.inc"
+%include "Cet.inc"
SECTION .text
@@ -34,7 +35,7 @@ ASM_PFX(InternalLongJump):
test eax, eax
jz CetDone
mov eax, cr4
- bt eax, 23 ; check if CET is enabled
+ bt eax, CR4_CET_BIT ; check if CET is enabled
jnc CetDone
mov edx, [esp + 4] ; edx = JumpBuffer
diff --git a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm
index 2577373241..0c484f6852 100644
--- a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm
+++ b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm
@@ -14,6 +14,7 @@
;------------------------------------------------------------------------------
%include "Nasm.inc"
+%include "Cet.inc"
SECTION .text
@@ -42,7 +43,7 @@ ASM_PFX(SetJump):
test eax, eax
jz CetDone
mov eax, cr4
- bt eax, 23 ; check if CET is enabled
+ bt eax, CR4_CET_BIT ; check if CET is enabled
jnc CetDone
mov eax, 1
diff --git a/MdePkg/Library/BaseLib/X64/LongJump.nasm b/MdePkg/Library/BaseLib/X64/LongJump.nasm
index 2002f65cba..021b49e855 100644
--- a/MdePkg/Library/BaseLib/X64/LongJump.nasm
+++ b/MdePkg/Library/BaseLib/X64/LongJump.nasm
@@ -14,6 +14,7 @@
;------------------------------------------------------------------------------
%include "Nasm.inc"
+%include "Cet.inc"
DEFAULT REL
SECTION .text
@@ -35,7 +36,7 @@ ASM_PFX(InternalLongJump):
test eax, eax
jz CetDone
mov rax, cr4
- bt eax, 23 ; check if CET is enabled
+ bt eax, CR4_CET_BIT ; check if CET is enabled
jnc CetDone
push rdx ; save rdx
diff --git a/MdePkg/Library/BaseLib/X64/SetJump.nasm b/MdePkg/Library/BaseLib/X64/SetJump.nasm
index 5943a5ebe5..d2c0991e66 100644
--- a/MdePkg/Library/BaseLib/X64/SetJump.nasm
+++ b/MdePkg/Library/BaseLib/X64/SetJump.nasm
@@ -14,6 +14,7 @@
;------------------------------------------------------------------------------
%include "Nasm.inc"
+%include "Cet.inc"
DEFAULT REL
SECTION .text
@@ -44,7 +45,7 @@ ASM_PFX(SetJump):
test eax, eax
jz CetDone
mov rax, cr4
- bt eax, 23 ; check if CET is enabled
+ bt eax, CR4_CET_BIT ; check if CET is enabled
jnc CetDone
mov rax, 1
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111240): https://edk2.groups.io/g/devel/message/111240
Mute This Topic: https://groups.io/mt/102599356/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value.
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value Sheng Wei
@ 2023-11-15 10:37 ` Laszlo Ersek
0 siblings, 0 replies; 10+ messages in thread
From: Laszlo Ersek @ 2023-11-15 10:37 UTC (permalink / raw)
To: devel, w.sheng; +Cc: Eric Dong, Ray Ni, Wu Jiaxin, Tan Dun
On 11/15/23 05:12, Sheng Wei wrote:
> The macro is used in file LongJump.nasm and SetJump.nasm.
>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Wu Jiaxin <jiaxin.wu@intel.com>
> Cc: Tan Dun <dun.tan@intel.com>
> ---
> MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 3 ++-
> MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 ++-
> MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 ++-
> MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 ++-
> 4 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
> index 6c13dfe307..df1bf9749e 100644
> --- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
> +++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm
> @@ -14,6 +14,7 @@
> ;------------------------------------------------------------------------------
>
> %include "Nasm.inc"
> +%include "Cet.inc"
>
> SECTION .text
>
> @@ -34,7 +35,7 @@ ASM_PFX(InternalLongJump):
> test eax, eax
> jz CetDone
> mov eax, cr4
> - bt eax, 23 ; check if CET is enabled
> + bt eax, CR4_CET_BIT ; check if CET is enabled
> jnc CetDone
>
> mov edx, [esp + 4] ; edx = JumpBuffer
> diff --git a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm
> index 2577373241..0c484f6852 100644
> --- a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm
> +++ b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm
> @@ -14,6 +14,7 @@
> ;------------------------------------------------------------------------------
>
> %include "Nasm.inc"
> +%include "Cet.inc"
>
> SECTION .text
>
> @@ -42,7 +43,7 @@ ASM_PFX(SetJump):
> test eax, eax
> jz CetDone
> mov eax, cr4
> - bt eax, 23 ; check if CET is enabled
> + bt eax, CR4_CET_BIT ; check if CET is enabled
> jnc CetDone
>
> mov eax, 1
> diff --git a/MdePkg/Library/BaseLib/X64/LongJump.nasm b/MdePkg/Library/BaseLib/X64/LongJump.nasm
> index 2002f65cba..021b49e855 100644
> --- a/MdePkg/Library/BaseLib/X64/LongJump.nasm
> +++ b/MdePkg/Library/BaseLib/X64/LongJump.nasm
> @@ -14,6 +14,7 @@
> ;------------------------------------------------------------------------------
>
> %include "Nasm.inc"
> +%include "Cet.inc"
>
> DEFAULT REL
> SECTION .text
> @@ -35,7 +36,7 @@ ASM_PFX(InternalLongJump):
> test eax, eax
> jz CetDone
> mov rax, cr4
> - bt eax, 23 ; check if CET is enabled
> + bt eax, CR4_CET_BIT ; check if CET is enabled
> jnc CetDone
>
> push rdx ; save rdx
> diff --git a/MdePkg/Library/BaseLib/X64/SetJump.nasm b/MdePkg/Library/BaseLib/X64/SetJump.nasm
> index 5943a5ebe5..d2c0991e66 100644
> --- a/MdePkg/Library/BaseLib/X64/SetJump.nasm
> +++ b/MdePkg/Library/BaseLib/X64/SetJump.nasm
> @@ -14,6 +14,7 @@
> ;------------------------------------------------------------------------------
>
> %include "Nasm.inc"
> +%include "Cet.inc"
>
> DEFAULT REL
> SECTION .text
> @@ -44,7 +45,7 @@ ASM_PFX(SetJump):
> test eax, eax
> jz CetDone
> mov rax, cr4
> - bt eax, 23 ; check if CET is enabled
> + bt eax, CR4_CET_BIT ; check if CET is enabled
> jnc CetDone
>
> mov rax, 1
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111251): https://edk2.groups.io/g/devel/message/111251
Mute This Topic: https://groups.io/mt/102599356/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [edk2-devel] [PATCH v5 1/6] MdePkg: Add macro definitions for CET feature for NASM files.
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 1/6] " Sheng Wei
@ 2023-11-15 10:38 ` Laszlo Ersek
2023-11-21 5:31 ` Ni, Ray
1 sibling, 0 replies; 10+ messages in thread
From: Laszlo Ersek @ 2023-11-15 10:38 UTC (permalink / raw)
To: devel, w.sheng; +Cc: Eric Dong, Ray Ni, Wu Jiaxin, Tan Dun
On 11/15/23 05:12, Sheng Wei wrote:
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Wu Jiaxin <jiaxin.wu@intel.com>
> Cc: Tan Dun <dun.tan@intel.com>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> ---
> MdePkg/Include/Cet.inc | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
> create mode 100644 MdePkg/Include/Cet.inc
>
> diff --git a/MdePkg/Include/Cet.inc b/MdePkg/Include/Cet.inc
> new file mode 100644
> index 0000000000..a4038a0682
> --- /dev/null
> +++ b/MdePkg/Include/Cet.inc
> @@ -0,0 +1,26 @@
> +;------------------------------------------------------------------------------
> +;
> +; Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
> +; SPDX-License-Identifier: BSD-2-Clause-Patent
> +;
> +; Abstract:
> +;
> +; This file provides macro definitions for CET feature for NASM files.
> +;
> +;------------------------------------------------------------------------------
> +
> +%define MSR_IA32_U_CET 0x6A0
> +%define MSR_IA32_S_CET 0x6A2
> +%define MSR_IA32_CET_SH_STK_EN 0x1
> +%define MSR_IA32_CET_WR_SHSTK_EN 0x2
> +%define MSR_IA32_CET_ENDBR_EN 0x4
> +%define MSR_IA32_CET_LEG_IW_EN 0x8
> +%define MSR_IA32_CET_NO_TRACK_EN 0x10
> +%define MSR_IA32_CET_SUPPRESS_DIS 0x20
> +%define MSR_IA32_CET_SUPPRESS 0x400
> +%define MSR_IA32_CET_TRACKER 0x800
> +%define MSR_IA32_PL0_SSP 0x6A4
> +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8
> +
> +%define CR4_CET_BIT 23
> +%define CR4_CET 0x800000
Works for me; it also solves the question of "where exactly put this
under UefiCpuPkg" -- well, put it under MdePkg. :)
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111252): https://edk2.groups.io/g/devel/message/111252
Mute This Topic: https://groups.io/mt/102599349/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [edk2-devel] [PATCH v5 1/6] MdePkg: Add macro definitions for CET feature for NASM files.
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 1/6] " Sheng Wei
2023-11-15 10:38 ` Laszlo Ersek
@ 2023-11-21 5:31 ` Ni, Ray
1 sibling, 0 replies; 10+ messages in thread
From: Ni, Ray @ 2023-11-21 5:31 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io, Kinney, Michael D
Cc: Dong, Eric, Laszlo Ersek, Wu, Jiaxin, Tan, Dun
> ---
> MdePkg/Include/Cet.inc | 26 ++++++++++++++++++++++++++
1. I am not sure adding "Cet.inc" in MdePkg/Include is ok as Cet.inc only contains definitions for x86 CPU.
Is it better to add the macros to existing Ia32/Nasm.inc, X64/Nasm.inc?
But that would cause duplicated macro definitions in the two INC files.
So I am not sure which way is better.
@Kinney, Michael D, comments?
>
> +%define MSR_IA32_U_CET 0x6A0
>
> +%define MSR_IA32_S_CET 0x6A2
>
> +%define MSR_IA32_CET_SH_STK_EN 0x1
2. can you use "<<" such as:
%define MSR_IA32_CET_SH_STK_EN (1<<0)
>
> +%define MSR_IA32_CET_WR_SHSTK_EN 0x2
>
> +%define MSR_IA32_CET_ENDBR_EN 0x4
>
> +%define MSR_IA32_CET_LEG_IW_EN 0x8
>
> +%define MSR_IA32_CET_NO_TRACK_EN 0x10
>
> +%define MSR_IA32_CET_SUPPRESS_DIS 0x20
>
> +%define MSR_IA32_CET_SUPPRESS 0x400
>
> +%define MSR_IA32_CET_TRACKER 0x800
>
> +%define MSR_IA32_PL0_SSP 0x6A4
>
> +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8
>
> +
>
> +%define CR4_CET_BIT 23
>
> +%define CR4_CET 0x800000
3. %define CR4_CET (1<<CR4_CET_BIT)
>
> --
> 2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111512): https://edk2.groups.io/g/devel/message/111512
Mute This Topic: https://groups.io/mt/102599349/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2023-11-21 5:32 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-15 4:12 [edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 1/6] " Sheng Wei
2023-11-15 10:38 ` Laszlo Ersek
2023-11-21 5:31 ` Ni, Ray
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 2/6] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 3/6] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 4/6] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler Sheng Wei
2023-11-15 4:12 ` [edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value Sheng Wei
2023-11-15 10:37 ` Laszlo Ersek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox