From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.20; helo=mga02.intel.com; envelope-from=ray.ni@intel.com; receiver=edk2-devel@lists.01.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 97B3E211CAC9F for ; Fri, 22 Feb 2019 06:29:26 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Feb 2019 06:29:25 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,400,1544515200"; d="scan'208";a="116980704" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by orsmga007.jf.intel.com with ESMTP; 22 Feb 2019 06:29:25 -0800 Received: from fmsmsx114.amr.corp.intel.com (10.18.116.8) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 22 Feb 2019 06:29:25 -0800 Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by FMSMSX114.amr.corp.intel.com (10.18.116.8) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 22 Feb 2019 06:29:24 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.102]) by SHSMSX107.ccr.corp.intel.com ([169.254.9.162]) with mapi id 14.03.0415.000; Fri, 22 Feb 2019 22:29:23 +0800 From: "Ni, Ray" To: "Yao, Jiewen" , "edk2-devel@lists.01.org" CC: "Kinney, Michael D" , "Gao, Liming" , "Dong, Eric" , Laszlo Ersek Thread-Topic: [PATCH V3 0/4] Add SMM CET support Thread-Index: AQHUyrLa/f5zLWJPXEirFrIH4x18MaXr4JWw Date: Fri, 22 Feb 2019 14:29:22 +0000 Message-ID: <734D49CCEBEEF84792F5B80ED585239D5C02D9A3@SHSMSX104.ccr.corp.intel.com> References: <20190222133036.28468-1-jiewen.yao@intel.com> In-Reply-To: <20190222133036.28468-1-jiewen.yao@intel.com> Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNTVhNDA0NWQtZDgwNC00ODQwLWE5MzUtMGJiOWRhMWNjZTVlIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoic1wvXC80cTA5NzRtNDBSR25qc3hQK25kaDZQQ2g1RzNJUXNCYlVxVVwvXC9kQ3oxeW5BSkZrMXNKNHFKWlFJNWw0SnYifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH V3 0/4] Add SMM CET support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2019 14:29:26 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ray Ni > -----Original Message----- > From: Yao, Jiewen > Sent: Friday, February 22, 2019 9:31 PM > To: edk2-devel@lists.01.org > Cc: Kinney, Michael D ; Gao, Liming > ; Dong, Eric ; Ni, Ray > ; Laszlo Ersek ; Yao, Jiewen > > Subject: [PATCH V3 0/4] Add SMM CET support >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1521 >=20 > V3: > Add Nasm.inc to include CET related instruction as MACRO. > This is the only place to use DB. > Any other NASM just use the MACRO - > SETSSBSY, READSSP_[E|R]AX, INCSSP_[E|R]AX =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > V2: > Fix emulation platform issue. > The NT32 platform cannot access CR4 register. > So we add a global PCD to choose disable CR4 access in SetJump/LongJump. > gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > This patch series implement add CET ShadowStack support for SMM. >=20 > The CET document can be found at: > https://software.intel.com/sites/default/files/managed/4d/2a/control-flow= - > enforcement-technology-preview.pdf >=20 > Patch 1 adds SSP (ShadowStackPointer) to JUMP_BUFFER. > Patch 2 adds Control Protection exception (CP#) dump info. > Patch 3 adds CET ShadowStack support in SMM. >=20 > For more detail please refer to each patch. >=20 > I also post all update to https://github.com/jyao1/edk2/tree/CET_V2 >=20 > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Eric Dong > Cc: Ray Ni > Cc: Laszlo Ersek > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Yao Jiewen >=20 > Jiewen Yao (4): > MdePkg/Include: Add Nasm.inc > MdePkg/BaseLib: Add Shadow Stack Support for X86. > UefiCpuPkg/ExceptionLib: Add CET support. > UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM. >=20 > MdePkg/Include/Ia32/Nasm.inc | 28 ++++ > MdePkg/Include/Library/BaseLib.h | 2 + > MdePkg/Include/X64/Nasm.inc | 28 ++++ > MdePkg/Library/BaseLib/BaseLib.inf | 3 +- > MdePkg/Library/BaseLib/Ia32/LongJump.c | 28 +++- > MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 25 +++- > MdePkg/Library/BaseLib/Ia32/SetJump.c | 28 +++- > MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 23 +++- > MdePkg/Library/BaseLib/X64/LongJump.nasm | 27 +++- > MdePkg/Library/BaseLib/X64/SetJump.nasm | 23 +++- > MdePkg/MdePkg.dec | 7 + > .../Include/Library/SmmCpuFeaturesLib.h | 23 +++- > .../CpuExceptionCommon.c | 7 +- > .../CpuExceptionCommon.h | 3 +- > .../Ia32/ArchExceptionHandler.c | 5 +- > .../X64/ArchExceptionHandler.c | 5 +- > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 39 ++++++ > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 38 +++++- > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 99 ++++++++++++++- > .../PiSmmCpuDxeSmm/Ia32/SmiException.nasm | 6 +- > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 57 ++++++++- > UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 12 +- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 97 ++++++++++++-- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 103 > ++++++++++++++- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 6 +- > .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 85 ++++++++++++- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 18 ++- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 4 +- > UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c | 4 +- > UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 40 ++++++ > UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 39 +++++- > UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 120 > +++++++++++++++++- > UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 58 ++++++++- > UefiCpuPkg/UefiCpuPkg.dec | 6 +- > 34 files changed, 1034 insertions(+), 62 deletions(-) create mode 10064= 4 > MdePkg/Include/Ia32/Nasm.inc create mode 100644 > MdePkg/Include/X64/Nasm.inc create mode 100644 > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm > create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm >=20 > -- > 2.19.2.windows.1