From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id BFC43AC0E39 for ; Wed, 6 Dec 2023 08:16:37 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=nVKdgUbfkmzFDfi1EOtedSoKHmzfrxYLKbilCQUrFPY=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1701850596; v=1; b=w+uf0L4EOMpGJa3lVCSpr+o1C8pX/qz2d70WNObloboz+RitAXexoUMDM+YzZN5RiT0e3dDg ztPkNNbqYoavoge4n/E+C3gEDSuoI3Ddzr6fomRajPlxzAb5sItcrhDprG1Ri6IQLZoMexHlISH suXZW/WAg/ZuKoUEU/Xvf5ls= X-Received: by 127.0.0.2 with SMTP id M9gdYY7687511xc9JHtpItBq; Wed, 06 Dec 2023 00:16:36 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10]) by mx.groups.io with SMTP id smtpd.web11.26660.1701850587670127710 for ; Wed, 06 Dec 2023 00:16:36 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10915"; a="1118505" X-IronPort-AV: E=Sophos;i="6.04,254,1695711600"; d="scan'208";a="1118505" X-Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Dec 2023 00:16:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10915"; a="837240867" X-IronPort-AV: E=Sophos;i="6.04,254,1695711600"; d="scan'208";a="837240867" X-Received: from shwdesssddpdwei.ccr.corp.intel.com ([10.239.157.28]) by fmsmga008.fm.intel.com with ESMTP; 06 Dec 2023 00:16:34 -0800 From: "Sheng Wei" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Laszlo Ersek , Wu Jiaxin , Tan Dun Subject: [edk2-devel] [PATCH v7 5/5] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler. Date: Wed, 6 Dec 2023 16:16:24 +0800 Message-Id: <20231206081624.1370-6-w.sheng@intel.com> In-Reply-To: <20231206081624.1370-1-w.sheng@intel.com> References: <20231206081624.1370-1-w.sheng@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,w.sheng@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: ut3CohVfoU7vOOEQElr1ChTRx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=w+uf0L4E; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2. If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and the next assemble code is not ENDBR, it will trigger #CP exception when set CR4.CET bit. SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET before set CR4.CET bit, And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSm= mCpuDxeSmm/Ia32/SmiEntry.nasm index 1da9afab97..9e1155dee6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported): push edx=0D push eax=0D =0D + mov ecx, MSR_IA32_U_CET=0D + rdmsr=0D + push edx=0D + push eax=0D +=0D mov ecx, MSR_IA32_PL0_SSP=0D rdmsr=0D push edx=0D push eax=0D =0D + mov ecx, MSR_IA32_U_CET=0D + xor eax, eax=0D + xor edx, edx=0D + wrmsr=0D +=0D mov ecx, MSR_IA32_S_CET=0D mov eax, MSR_IA32_CET_SH_STK_EN=0D xor edx, edx=0D @@ -276,6 +286,11 @@ CetDone: pop edx=0D wrmsr=0D =0D + mov ecx, MSR_IA32_U_CET=0D + pop eax=0D + pop edx=0D + wrmsr=0D +=0D mov ecx, MSR_IA32_S_CET=0D pop eax=0D pop edx=0D diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmm= CpuDxeSmm/X64/SmiEntry.nasm index abf9f1a90a..881d3177f7 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported): push rdx=0D push rax=0D =0D + mov ecx, MSR_IA32_U_CET=0D + rdmsr=0D + push rdx=0D + push rax=0D +=0D mov ecx, MSR_IA32_PL0_SSP=0D rdmsr=0D push rdx=0D @@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported): push rdx=0D push rax=0D =0D + mov ecx, MSR_IA32_U_CET=0D + xor eax, eax=0D + xor edx, edx=0D + wrmsr=0D +=0D mov ecx, MSR_IA32_S_CET=0D mov eax, MSR_IA32_CET_SH_STK_EN=0D xor edx, edx=0D @@ -325,6 +335,11 @@ mCetSupportedAbsAddr: pop rdx=0D wrmsr=0D =0D + mov ecx, MSR_IA32_U_CET=0D + pop rax=0D + pop rdx=0D + wrmsr=0D +=0D mov ecx, MSR_IA32_S_CET=0D pop rax=0D pop rdx=0D --=20 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112099): https://edk2.groups.io/g/devel/message/112099 Mute This Topic: https://groups.io/mt/103009381/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-